Disable Docker's tampering with iptables. We are opening ports as we see fit using host vars
parent
f0825a10c1
commit
74928165f7
1 changed files with 31 additions and 0 deletions
|
@ -1,6 +1,37 @@
|
||||||
---
|
---
|
||||||
# tasks file for traefik
|
# tasks file for traefik
|
||||||
|
|
||||||
|
- name: Ensure systemd docker.service.d directory exists
|
||||||
|
file:
|
||||||
|
path: "/etc/systemd/system/docker.service.d/"
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
tags: firewall
|
||||||
|
|
||||||
|
- name: Provide systemd config to disable Docker's tampering with the firewall
|
||||||
|
copy:
|
||||||
|
dest: /etc/systemd/system/docker.service.d/noiptables.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
|
content: |
|
||||||
|
[Service]
|
||||||
|
ExecStart=
|
||||||
|
ExecStart=/usr/bin/dockerd -H fd:// --iptables=false
|
||||||
|
tags: firewall
|
||||||
|
register: docker_restart_required
|
||||||
|
|
||||||
|
- name: Restart docker service to pickup config changes
|
||||||
|
systemd:
|
||||||
|
name: docker
|
||||||
|
daemon_reload: yes
|
||||||
|
state: restarted
|
||||||
|
become: true
|
||||||
|
when: docker_restart_required.changed
|
||||||
|
tags: firewall
|
||||||
|
|
||||||
- name: Ensure traefik config directory exists
|
- name: Ensure traefik config directory exists
|
||||||
file:
|
file:
|
||||||
path: /home/{{ docker_user }}/traefik
|
path: /home/{{ docker_user }}/traefik
|
||||||
|
|
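Review bot: The drop-in written to `noiptables.conf` replaces the whole `ExecStart` with a hard-coded `/usr/bin/dockerd -H fd:// --iptables=false`, so any other flags in the packaged docker.service (not visible here) are silently dropped, and the override will drift if the package changes its unit. Setting the option in the daemon configuration keeps the packaged command line intact, for example a task that manages `/etc/docker/daemon.json` with `"iptables": false`, merged with whatever that file already holds. With iptables management off, Docker also stops adding its NAT and isolation rules, so the host firewall becomes the only control for published ports and container traffic; a comment above the task such as `# Host firewall (host vars) must supply all INPUT/FORWARD/NAT rules; Docker adds none` would make that dependency explicit. The first two tasks carry no `become: true` while the restart task does, which presumably relies on play-level privilege escalation and is worth making consistent.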